{"id":16398,"date":"2019-09-24T10:10:03","date_gmt":"2019-09-24T18:10:03","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2019\/09\/24\/news-10139\/"},"modified":"2019-09-24T10:10:03","modified_gmt":"2019-09-24T18:10:03","slug":"news-10139","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/09\/24\/news-10139\/","title":{"rendered":"15,000 webcams vulnerable to attack: how to protect against webcam hacking"},"content":{"rendered":"<p><strong>Credit to Author: Christopher Boyd| Date: Tue, 24 Sep 2019 17:19:23 +0000<\/strong><\/p>\n<p>Webcams may have <a href=\"https:\/\/blog.malwarebytes.com\/security-world\/2018\/11\/25th-anniversary-of-webcam-what-did-it-bring-us\/\" target=\"_blank\" rel=\"noopener noreferrer\">been around for a long time<\/a>, but that doesn\u2019t mean we know what we\u2019re doing with them. Webcam hacking has been around for equally as long, yet <a href=\"https:\/\/www.wizcase.com\/blog\/webcam-security-research\/\" target=\"_blank\" rel=\"noopener noreferrer\">new research from Wizcase<\/a> indicates that more than 15,000 private, web-connected cameras are exposed and readily accessible to the general public.<\/p>\n<p>So forget hacking, cybercriminals can just take a stroll through the Internet and grab whatever webcam footage they like for the taking.<\/p>\n<p>Malware targeting web cameras is a mainstay of the malicious hacker\u2019s toolkit. Sometimes it\u2019s for profit and blackmail. 
Often the <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2019\/02\/sextortion-bitcoin-scam-makes-unwelcome-return\/\" target=\"_blank\" rel=\"noopener noreferrer\">threat of footage that doesn\u2019t exist<\/a> is mashed up with old data breaches to force people to part with their money.<\/p>\n<p>Other times, people would hack PCs and reveal shock meme footage on a victim\u2019s desktop, then capture screenshots for posterity, sharing them on hacker forums for giggles and bragging rights.<\/p>\n<p>Mainly, what seems to be happening a lot right now is a whole lot of negligence. People are connecting their cameras to the Internet without any security features enabled. Worse still, many cams don\u2019t have any security features to enable in the first place.<\/p>\n<h3>A persistent problem<\/h3>\n<p>We\u2019ve spoken at length as to why security features <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2018\/07\/iot-domestic-abuse-can-stop\/\" target=\"_blank\" rel=\"noopener noreferrer\">aren\u2019t necessarily advertised<\/a> front and centre in the instructions of IoT devices. Companies want to seduce buyers with cool tools and amazing features, not ram \u201cSET UP A PASSWORD\u201d down their throats on page one of the instruction booklet. It\u2019s strange, considering how safety and security messaging is typically high priority for other products.<\/p>\n<p>When was the last time you saw a car advertised without some sort of passing mention of seatbelts, or how good the rollcage is, or how many airbags they have, or words like \u201csafety for the whole family\u201d? Epilepsy, violence, and adult language warnings are now a prominent feature of video games, movies, and television. Even social media comes with trigger warnings.<\/p>\n<p>Computer equipment, though? Somehow it seems to run the risk of making the cool toys very uncool indeed. 
You know what\u2019s <em>definitely<\/em> worse than security warnings all over the place?<\/p>\n<p>Default configurations exposing your webcam\u2019s stream to the whole world.<\/p>\n<h3>Webcam hacking the planet<\/h3>\n<p>Researchers from Wizcase discovered the following:<\/p>\n<p>Around 15,000 webcams located in homes, businesses, places of worship, and many more were placed online without additional security measures. Regions spanned the globe, from Argentina and Brazil to the UK and Vietnam. Both adults at work and children presumably at home were all easily viewable after the cams were accessed remotely. This is a clear privacy and security risk, especially in terms of potential damage threatened by <a href=\"https:\/\/blog.malwarebytes.com\/101\/2017\/06\/somethings-phishy-how-to-detect-phishing-attempts\/\" target=\"_blank\" rel=\"noopener noreferrer\">phishing<\/a>, blackmail, sextortion, and more.<\/p>\n<p>The cams offered up problems such as unsecured P2P networking and lack of password authentication on devices with <a href=\"https:\/\/en.wikipedia.org\/wiki\/Universal_Plug_and_Play#targetText=Universal%20Plug%20and%20Play%20(UPnP,sharing%2C%20communications%2C%20and%20entertainment.\" target=\"_blank\" rel=\"noopener noreferrer\">Universal Plug and Play (UPnP)<\/a> enabled, and easily guessable default login passwords for admin. In situations where consumers expected products to work \u201cout of the box,\u201d this problem was exacerbated by a lack of security knowledge.<\/p>\n<p>In addition, not only were the cam streams accessible, but there were also other areas where admin could be compromised by webcam hacking techniques. 
Geolocation and potential control of devices were also possible.<\/p>\n<p>Some of the devices looked at in the research include the following:<\/p>\n<ul>\n<li>AXIS net cameras<\/li>\n<li>Cisco Linksys webcam<\/li>\n<li>IP Camera Logo Server<\/li>\n<li>IP WebCam<\/li>\n<li>IQ Invision web camera<\/li>\n<li>Mega-Pixel IP Camera<\/li>\n<li>Mobotix<\/li>\n<li>WebCamXP 5<\/li>\n<li>Yawcam<\/li>\n<\/ul>\n<p>There&#8217;s an astonishing amount of <a href=\"https:\/\/blog.malwarebytes.com\/glossary\/pii\/\" target=\"_blank\" rel=\"noopener noreferrer\">personally identifiable information (PII)<\/a> up for grabs, then, and in many ways and formats. Screenshots, audio, moving images, things consumers shouldn&#8217;t be viewing deep in the heart of a business, things you shouldn\u2019t have access to in a home environment\u2014it\u2019s all there.<\/p>\n<p>This certainly isn\u2019t \u201cjust\u201d a webcam hacking problem. Harassing toddlers via baby monitors? <a href=\"https:\/\/www.computerworld.com\/article\/2913356\/2-more-wireless-baby-monitors-hacked-hackers-remotely-spied-on-babies-and-parents.html\" target=\"_blank\" rel=\"noopener noreferrer\">Sure<\/a>, those stories come around regularly. Home hubs not locked down as well as they could be? <a href=\"https:\/\/twitter.com\/paperghost\/status\/1174996000425033729\" target=\"_blank\" rel=\"noopener noreferrer\">The frankly bizarre sky\u2019s the limit<\/a>.<\/p>\n<h3>Webcam security tips<\/h3>\n<p>As with most Internet-connected devices, good security practices will help steer you clear of this danger. 
Keep your system up to date, along with your <a href=\"http:\/\/www.malwarebytes.com\/pricing\" target=\"_blank\" rel=\"noopener noreferrer\">chosen selection of security tools<\/a>, and perform regular scans to keep everything in ship shape condition.<\/p>\n<p>If your cam is a USB device connected to a desktop, you can always unplug it when not in use.<\/p>\n<p>If the cam is integrated into your laptop, you can <a href=\"https:\/\/www.cnet.com\/how-to\/how-to-disable-your-webcam-in-windows-10\/\" target=\"_blank\" rel=\"noopener noreferrer\">turn it off completely<\/a> via Device Manager.<\/p>\n<p>You should also consider adding a webcam cover to your device if it doesn\u2019t have one already fitted. If you need to cover a cam in a hurry, pretty much anything sticky will do the job. Masking tape is absolutely your friend.<\/p>\n<p>If you\u2019re worried about your conversations being recorded, you can also <a href=\"https:\/\/www.windowscentral.com\/how-disable-your-laptops-webcam-and-microphone\" target=\"_blank\" rel=\"noopener noreferrer\">kill off the microphone<\/a> should you so desire.<\/p>\n<p>Most webcams should fire up a visible light to let you know when they&#8217;re in use. Some devices don\u2019t do this, and so Windows 10 has the option to <a href=\"https:\/\/support.microsoft.com\/en-us\/help\/4468232\/windows-10-camera-microphone-and-privacy\" target=\"_blank\" rel=\"noopener noreferrer\">notify you when something is making use of it<\/a>.<\/p>\n<p>If you think files are being recorded, they could well be stored on your machine somewhere. It\u2019d be well worth having a look around some common (and not so common) file locations. There are also plenty of programs out there designed to see what\u2019s eating up space on your hard drive, so you could use one of those to look for common video files or other large-sized files.<\/p>\n<h3>Cheap and nasty?<\/h3>\n<p>Standalone cams are notorious for not being secured properly. 
If you have a <a href=\"https:\/\/blog.malwarebytes.com\/security-world\/2018\/04\/please-dont-buy-smart-toys\/\" target=\"_blank\" rel=\"noopener noreferrer\">cheap IoT device<\/a> in your home watching over your sleeping toddler, or a few handy cams serving as convenient CCTV when you head off to the shops, take heed. It may be that the price for accessing said device on your mobile or tablet is a total lack of security.<\/p>\n<p>Always read the manual and see what type of security the device is shipping with. It may well be that it has passwords and lockdown features galore, but they\u2019re all switched off by default. If the brand is obscure, you\u2019ll still almost certainly find someone, somewhere has already asked for help about it online.<\/p>\n<h3>Tuning in to chaos<\/h3>\n<p>While this isn\u2019t anything particularly new where webcams and devices in the home are concerned, it\u2019s a timely reminder to be careful about what we invite into our homes. Even the best devices can run into an exploit, and it\u2019s a fact that many webcam devices don\u2019t come anywhere close to being \u201cthe best.\u201d Indeed, security researchers run into devices thrown together as cheaply as possible with no thought given to security all the time.<\/p>\n<p>Until <a href=\"https:\/\/blog.malwarebytes.com\/101\/2017\/12\/internet-things-iot-security-never\/\" target=\"_blank\" rel=\"noopener noreferrer\">security is baked right into<\/a> these useful yet potentially dangerous tools, and marketing teams realise it\u2019s okay to allow a little drag on the initial user experience to ensure everything is locked down, this will continue to happen.<\/p>\n<p>If you\u2019re unsure about a particular brand, it won\u2019t hurt to have a little dig around online first before purchasing. Pay close attention to security features listed or (more problematically) no security features listed whatsoever. 
If the device looks appealing and on sale at a surprisingly cheap price, a lack of any brand name listed whatsoever may be the point where alarm bells start going off.<\/p>\n<p>You simply can\u2019t be sure what you\u2019re taking home at that point, and even the various security tips up above may not be enough to keep things safe and clean at all times. Be on your guard, drop some tape on that ever-present eye in the corner of your room, and go about your day. It&#8217;s definitely a problem, but it isn&#8217;t one you need to let rule your day-to-day online experience.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/hacking-2\/2019\/09\/15000-webcams-vulnerable-how-to-protect-webcam-hacking\/\">15,000 webcams vulnerable to attack: how to protect against webcam hacking<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/hacking-2\/2019\/09\/15000-webcams-vulnerable-how-to-protect-webcam-hacking\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Christopher Boyd| Date: Tue, 24 Sep 2019 17:19:23 +0000<\/strong><\/p>\n<table cellpadding='10'>\n<tr>\n<td valign='top' align='center'><a href='https:\/\/blog.malwarebytes.com\/hacking-2\/2019\/09\/15000-webcams-vulnerable-how-to-protect-webcam-hacking\/' title='15,000 webcams vulnerable to attack: how to protect against webcam hacking'><img src='https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2019\/09\/shutterstock_413910028.jpg' border='0'  width='300px'  \/><\/a><\/td>\n<\/tr>\n<tr>\n<td valign='top' align='left'>We take a look at the ever-present threat of webcam hacking, and what you can do to avoid being caught out.<\/p>\n<p>Categories: <\/p>\n<ul class=\"post-categories\">\n<li><a href=\"https:\/\/blog.malwarebytes.com\/category\/hacking-2\/\" rel=\"category 
tag\">Hacking<\/a><\/li>\n<\/ul>\n<p>Tags: <a href=\"https:\/\/blog.malwarebytes.com\/tag\/cam\/\" rel=\"tag\">cam<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/camera\/\" rel=\"tag\">camera<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/devices\/\" rel=\"tag\">devices<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/hackers\/\" rel=\"tag\">hackers<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/hacking\/\" rel=\"tag\">hacking<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/hub\/\" rel=\"tag\">hub<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/internet-of-things\/\" rel=\"tag\">Internet of Things<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/iot\/\" rel=\"tag\">IoT<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/iot-devices\/\" rel=\"tag\">IoT devices<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/monitor\/\" rel=\"tag\">monitor<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/security-by-design\/\" rel=\"tag\">security by design<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/vulnerabilities\/\" rel=\"tag\">vulnerabilities<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/webcam\/\" rel=\"tag\">webcam<\/a><a href=\"https:\/\/blog.malwarebytes.com\/tag\/webcam-hacks\/\" rel=\"tag\">webcam hacks<\/a><\/p>\n<table width='100%'>\n<tr>\n<td align=right>\n<p><b>(<a href='https:\/\/blog.malwarebytes.com\/hacking-2\/2019\/09\/15000-webcams-vulnerable-how-to-protect-webcam-hacking\/' title='15,000 webcams vulnerable to attack: how to protect against webcam hacking'>Read more&#8230;<\/a>)<\/b><\/p>\n<\/td>\n<\/tr>\n<\/table>\n<\/td>\n<\/tr>\n<\/table>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/hacking-2\/2019\/09\/15000-webcams-vulnerable-how-to-protect-webcam-hacking\/\">15,000 webcams vulnerable to attack: how to protect against webcam hacking<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes 
Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[16689,13896,6275,6272,3919,9583,6269,10495,13269,15425,22999,10752,20294,23000],"class_list":["post-16398","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-cam","tag-camera","tag-devices","tag-hackers","tag-hacking","tag-hub","tag-internet-of-things","tag-iot","tag-iot-devices","tag-monitor","tag-security-by-design","tag-vulnerabilities","tag-webcam","tag-webcam-hacks"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/16398","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=16398"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/16398\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=16398"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=16398"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=16398"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}